A long, hard look at healthcare data breaches at the end of 2018

As 2018 draws to a close, we look back at the state of cybersecurity in the healthcare industry. The Health Insurance Portability and Accountability Act (HIPAA) of 1996 requires healthcare professionals to ensure that the data of their patients and consumers are kept private and protected. Sadly, data breaches in healthcare organizations have been increasing every year, and 2018 is no exception.

The rising number of data breaches

In 2018, research from the Center for Quantitative Health at Massachusetts General Hospital revealed that since 2010, there have been a total of 2,149 healthcare breaches involving 176.4 million patient records.

Another study published in the Journal of the American Medical Association corroborates the Center’s findings. This latest study puts the number of records breached at around 176 million, or about 344 breaches per year. That’s a 70 percent increase from seven years ago.

While doctors' offices and healthcare providers were the usual targets of cybercriminals, big health plan companies saw the largest number of compromised health records: 110.4 million over a seven-year period. A huge chunk of that belonged to the 2015 breach at Anthem Inc., the largest US health insurance company, with 179 million client records compromised.

The rising cost of data breaches

As the number of data breaches increases, so do the corresponding costs. A 2018 Cost of a Data Breach study by IBM Security and the Ponemon Institute showed that the cost of a data breach rose from $380 per record in 2017 to $408 per record in 2018. That’s nearly three times higher than the average cost per record across all industries. And for eight consecutive years, the healthcare industry has incurred the highest data breach costs of any industry.

The rising trend is global. The same 2018 study shows that the global average cost of a data breach has increased 6.4 percent from last year to $3.86 million. When compared to $3.5 million in 2014, that’s almost a 10 percent increase over the past four years. And the average cost for each lost or stolen record, across all industries around the world, also increased by 4.8 percent to $148 per record.

The additional costs from data breaches

The impact of a data breach is not just measured by the number of records compromised or costs in dollars. Other costs that accompany a data breach include:

  • Reputational damage – The more massive the data breach, the bigger a public relations nightmare it is for the company. A breach compromises customer trust and devalues the brand name.
  • Customer turnover – Unless you say and do something to mitigate the loss of trust, you’ll see customers migrating to competitors.
  • Operational costs – Recovery from a breach takes time, effort, and money. It disrupts operations as you plug leaks and put in place better defenses.
  • Insurance premium increases – Thanks to several high-profile breaches in health insurance companies, cyber insurance premiums have skyrocketed. After their 2015 data breach, Anthem found their insurance renewal rates to be “prohibitively expensive.”

IBM and Ponemon’s 2018 Cost of a Data Breach study also examined the abnormal churn rates (ACR) among 17 different industries. ACR is defined as “the greater than expected loss of customers following a data breach incident.” Not surprisingly, the healthcare industry has the highest ACR at 6.7 percent, compared to the 3.4 percent average among other industries.

The alarming rise of mega-breaches

Mega-breaches are those involving more than a million records. In 2013, nine mega-breaches were reported. In just five years, that number has nearly doubled, with 16 mega-breaches in 2017. The average cost of a mega-breach of 1 million records is around $40 million; a breach affecting 50 million records can cost up to $350 million.

Especially alarming is that 10 out of 11 of these mega-breaches resulted not from system or human errors, but from malicious criminal attacks.

And it took a year before these mega-breaches were detected and contained: the average time for mega-breach detection was 365 days, longer than the 266-day average for smaller-scale breaches.

The need for managed services providers and proactive cybersecurity

As 2018 ends, it’s clear that breaches will continue to be a security concern for all. And if you’re in the healthcare industry, you need to prioritize data security.

That’s why you should partner with a managed services provider (MSP) like Online Computers — our experts have extensive experience providing IT solutions and proactive cybersecurity services to healthcare enterprises like yours, and we’ll help ensure you are always HIPAA-compliant. If your business is in and around Hanover, Morristown, and Madison, make it your New Year’s resolution to give us a call. We’ll make sure you’ll start 2019 safe and sound.
